Introduction to API Testing - The New Trend of Software Testing
What is API testing?
API testing is a type of software testing that involves testing application programming interfaces (APIs) directly and as part of integration testing to determine if they meet expectations for functionality, reliability, performance, and security. Since APIs lack a GUI, API testing is performed at the message layer and can validate application logic very quickly and effectively.
API testing is critical for automation testing and CI/CD process because it can coop with short release cycles and frequent changes especially the presentation layer without breaking the test outputs. API testing also requires less maintenance effort compare to UI automation testing which makes it a preferred choice for Agile and DevOps teams.
A side note, for Web and mobile applications, API often means Web services, and API testing refers to the automation test performed to the Web services.
API testing types
API testing is generally categorized into common categories below:
API Testing Types
1. Validation Testing
Validation testing is among the final steps and plays an essential role in the development process. Validation test helps verify the aspects of product, behavior, and efficiency.
In other words, the validation testing can be seen as an assurance of the correct development against the stated user needs and requirements.
2. Functional Testing
Functional testing includes the testing of particular functions in the codebase. These features are the representation of specific scenarios to make sure the API functions are handled well within the planned parameters.
3. End-to-end Testing
UI testing is defined as a test of the user interface for the API and other integral parts. It is mainly about the UI functions, in which the interface is naturally graphical or rely on the command-line endpoint calls.
Generally, the test is more likely of the interface which ties into the API rather than the API testing itself. Although UI testing is not a specific test of API in term of the codebase, this still provides overview information about the health, usability, and efficiency of both front-end and back-end.
4. Load Testing
Load testing is generally done after a specific unit, or the whole codebase has been completed to check if the theoretical solutions work as the practical plan.
Load testing is performed to ensure the performance under both normal and at peak conditions. To do so, load testing takes on some various scenarios:
Baseline – tests the API against theoretical regular traffic that the API expects in ordinary usage;
Theoretical maximum traffic – this is to make sure during the full load periods, the solutions respond to those requests properly;
Overload test – to test the maximum capability according to the theory, then add 10-20% more on the peak traffic.
5. Runtime/Error Detection
This testing type is related to the actual running of the API, particularly with the universal results of utilizing the API codebase. Generally, they focus on one of the below aspects:
Monitoring: The runtime of the compiled code is tested for different implementation errors, handler failures, and other intrinsic issues to help ensure the codebase does not contain any insecurity.
Execution Errors: The code needs to show the response to valid requests and marks the failure for invalid requests predictably and in a known way, just the same with valid requests.
Resource Leaks: The requests which are invalid or commonly illegal will be submitted to the API to test the memory, resource, data, or operation leaks/insecurities
Error Detection: The known failure scenarios will be used to test the code to make sure the errors are appropriately figured and resolved
API testing best practices
1. Functional and Non-functional testing priorities
API is an essential part of modern web applications, its non-functional aspects such as performance, security, connectivity will affect the system heavily. The behavior makes traditional testing mindset, which focuses on functional testing first, not suitable anymore. Functional and non-functional testing should be performed at the same time with equal priority.
2. Data-driven
The most important feature of any API test tools is the capability of the data-driven approach. Lacking data-driven ability will lead to test data hardcoded, duplicated test scripts, test verification, therefore causing massive effort at maintenance phase.
Together with data-driven, there are some important notes for test data that we should pay attention seriously: data types, blank, empty, null string. With RESTful web services, the input data is typically in JSON format, and missing value of a specific key is considered differently (null, empty) in some cases. To avoid these ambiguous test scenarios, using a subset of input data models are highly suggested.
How to select the right API testing tools
Commercial tools (SoapUI Pro, Tricentis Tosca) are perceived as a safe bet as they are likely to come with available manuals, support, and training. Unfortunately, they remain some drawbacks: vendor tools are historically programmer-unfriendly as they tend to use proprietary scripting languages that programmers don’t want to spend time learning; they also tend to be heavyweight; and test scripts may be brittle, easily broken by minor changes to the application.
Particularly, these tools are generally expensive to purchase and maintain the license.
However, there are recently some vendor tools that can eliminate some disadvantages from the above vendor tools. For instance, Katalon Studio is a free tool with comparable features to commercial tools, or Postman is considered easy to setup and use compared the rest of commercial solutions. You can learn more about the top API testing tools here.
Selecting the right API testing tool is challenging but you can shortlist the choice from the candidates above considering your requirements, pros and cons of each solution — try not too ambitious at the early stage and doing the POC with the top 3 relevant solutions. You will have a better understanding of your project’s critical factors and issues to eliminate tools or fine-tune your choice to the most suitable solution for your project.
Learn more: https://www.katalon.com/resources-center/tutorials/introduction-api-testing/
